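I've run into a problem with a set of bind9 DNS servers running on CentOS 5.10.
The servers sit on an internal network and are NATed through the internet-facing network architecture, so that external resources can look up the external DNS names and IPs hosted by the bind9 servers.
The bind reverse zone file contains: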
$ORIGIN .
$TTL 86400 ; 1 day
114.X.41.in-addr.arpa. IN SOA dns001dns01.myorg.com. hostmaster.myorg.com. (
;;@ IN SOA dns001dns01.myorg.com. hostmaster.myorg.com. (
2008110934
10800
3600
604800
0 )
IN NS dns001dns01.myorg.com.
IN NS dns001dns02.myorg.com.
IN NS dns001dns03.myorg.com.
$ORIGIN 114.X.41.in-addr.arpa.
2 IN PTR mail.myorg.com.
12 IN PTR exchmail3.myorg.com.
15 IN PTR online.myorg.com.
16 IN PTR exchmail2.myorg.com.
37 IN PTR toprms.myorg.com.
5 IN PTR appraisalworkflow.myorg.com.
14 IN PTR exchmail5.myorg.com.
78 IN PTR exchmail.myorg.com.
Configuration section:
zone "AAA.X.41.in-addr.arpa" IN {
type master;
notify yes;
file "41.X.AAA.rev";
allow-query { any;};
allow-update { key rndckey; };
allow-transfer { 172.30.0.41; 172.30.0.42; 172.20.50.52; };
};
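Forward lookups work fine, and both forward and reverse lookups work between the servers and on the internal network the servers are attached to. But external reverse lookups fail.
Is it possible to trace where the reverse domain records stop, and which servers are the authoritative reverse lookup servers for a particular domain? (I hope I'm making sense; apologies if not.)
I tried a dig trace from my machine to the reverse zone (sorry, I've tried to use a bit of obfuscation to protect the innocent). The many BAD (HORIZONTAL) REFERRAL lines indicate that something is wrong, but what could it be? See below: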
; <<>> DiG 9.9.5-3-Ubuntu <<>> -x 41.X.AAA.14 +trace
;; global options: +cmd
. 8479 IN NS i.root-servers.net.
. 8479 IN NS k.root-servers.net.
. 8479 IN NS f.root-servers.net.
. 8479 IN NS m.root-servers.net.
. 8479 IN NS g.root-servers.net.
. 8479 IN NS e.root-servers.net.
. 8479 IN NS c.root-servers.net.
. 8479 IN NS h.root-servers.net.
. 8479 IN NS j.root-servers.net.
. 8479 IN NS l.root-servers.net.
. 8479 IN NS b.root-servers.net.
. 8479 IN NS d.root-servers.net.
. 8479 IN NS a.root-servers.net.
. 8479 IN RRSIG NS 8 0 518400 20140603000000 20140526230000 40926 . gsG1xrmc32HKMscG4pEQjgTNg2UOKgXTEZEGjg5lY9X14ADCwNleAwfN XkeAS2cEEJI+Sj8P4gWvKCpgCi7rKSMVPapfelN8huMZHiplWsl0JyaH xkU6WwAa2ciBIayGuY7vsPY2LGudosN4th+5eXnB0gfIJFCuQjhaK3dI 5iM=
;; Received 1270 bytes from 127.0.1.1#53(127.0.1.1) in 1033 ms
AAA.X.41.in-addr.arpa. 13805 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13805 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13805 IN NS dns001dns02.myorg.com.
;; Received 215 bytes from 192.112.36.4#53(g.root-servers.net) in 331 ms
AAA.X.41.in-addr.arpa. 13805 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13805 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13805 IN NS dns001dns03.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 272 ms
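
Added example, not part of the original question: a parser for `dig +trace` output that reports each step where a server hands back the same delegation it was reached through without giving an answer, which is the condition dig marks as BAD (HORIZONTAL) REFERRAL. The sample trace uses constructed documentation names and addresses, and the function names are made up for this example.

```python
import re

# Constructed sample shaped like `dig -x <ip> +trace` output (documentation names and addresses).
SAMPLE = """\
. 8479 IN NS a.root-servers.net.
;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 10 ms
2.0.192.in-addr.arpa. 86400 IN NS ns1.example.com.
2.0.192.in-addr.arpa. 86400 IN NS ns2.example.com.
;; Received 120 bytes from 198.51.100.1#53(parent.example.net) in 30 ms
2.0.192.in-addr.arpa. 86400 IN NS ns1.example.com.
2.0.192.in-addr.arpa. 86400 IN NS ns2.example.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 120 bytes from 203.0.113.5#53(ns2.example.com) in 40 ms
"""

RECEIVED = re.compile(r"^;; Received \d+ bytes from (\S+?)#\d+\((\S+?)\)")

def parse_stages(text):
    """Split trace output into stages; each stage ends at a ';; Received' line."""
    stages, records = [], []
    for line in text.splitlines():
        m = RECEIVED.match(line)
        if m:
            stages.append({"addr": m.group(1), "server": m.group(2).rstrip(".").lower(), "records": records})
            records = []
        elif line.strip() and not line.startswith(";"):
            f = line.split()
            if len(f) >= 5 and f[2] == "IN":  # owner, ttl, class, type, rdata
                records.append((f[0].lower(), f[3], f[4].rstrip(".").lower()))
    return stages

def find_horizontal_referrals(text):
    """Return stages where a server repeats the previous delegation and gives no answer."""
    findings, prev_zone = [], None
    for st in parse_stages(text):
        ns = [(o, t) for o, typ, t in st["records"] if typ == "NS"]
        answered = any(typ not in ("NS", "RRSIG") for _, typ, _ in st["records"])
        zone = ns[0][0] if ns else None
        if zone and zone == prev_zone and not answered:
            findings.append({"zone": zone, "server": st["server"], "addr": st["addr"],
                             "listed_as_ns": st["server"] in {t for _, t in ns}})
        prev_zone = zone or prev_zone
    return findings

if __name__ == "__main__":
    for f in find_horizontal_referrals(SAMPLE):
        print(f)
```

A finding with `listed_as_ns` set to true means the parent delegates the zone to that server, yet the server replied with a referral instead of authoritative data for it.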